FSB calls for convergence in cyber-incident reporting
We were interested to note a recent report from the Financial Stability Board (FSB) examining current approaches to cyber-incident reporting and suggesting next steps for broader convergence.
As the report observes, cyber incidents are growing rapidly in frequency and sophistication, posing an increasing threat to the stability of the financial system. “The FSB found that fragmentation exists across sectors and jurisdictions in the scope of what should be reported for a cyber incident; methodologies to measure severity and impact of an incident; timeframes for reporting cyber incidents; and how cyber incident information is used. This fragmentation could undermine a financial institution’s response and recovery actions, and underscores a need to address constraints in information-sharing among financial authorities and financial institutions.”
The report asserts that greater harmonisation would promote financial stability, through building a shared understanding of cyber incidents, supporting effective supervision, and facilitating coordination and information sharing across sectors and jurisdictions. The next steps for the FSB will be to develop best practices, including a minimum set of information needed by financial authorities, identify common types of information to be shared, and create shared terminologies and definitions for cyber-incident reporting.
While we suspect that this is not an area where XBRL is (yet) likely to be deployed, the FSB is setting out on the path to standardisation, potentially paving the way to structured digital data in the future – and we will be watching developments as they unfold.
Read more here.